@AliAlsinan
Created December 29, 2020 05:29
CORMS - Insecure direct object references (IDOR)
[description]
In Correspondence Management System (corms) in Newgen eGov 12.0, an
attacker can modify other users' profile information by manipulating
the unvalidated UserIndex parameter, aka Insecure Direct Object
Reference.
------------------------------------------
[VulnerabilityType Other]
Insecure direct object references (IDOR)
------------------------------------------
[Vendor of Product]
Newgen Software
------------------------------------------
[Affected Product Code Base]
Correspondence Management System (corms) - eGov 12.0
------------------------------------------
[Affected Component]
Profile page of users. A user can access and modify another user's personal settings page.
------------------------------------------
[Attack Type]
Remote
------------------------------------------
[Impact Code execution]
true
------------------------------------------
[Impact Escalation of Privileges]
true
------------------------------------------
[Impact Information Disclosure]
true
------------------------------------------
[Attack Vectors]
A user can manipulate a parameter (UserIndex) in the personal settings page; because the server does not validate it against the logged-in identity, the parameter allows unauthorized access to change other users' personal information.
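The following is an added example written for this advisory; it is not code from the Newgen product or from the gist author. It shows the handler pattern the description and attack-vector entries above describe (a client-supplied UserIndex used directly as the object reference) next to a hardened handler that takes the reference from the session and refuses any mismatch, plus a small log scan that flags requests where the session identity and the UserIndex parameter disagree. The profile store, the Session type, the parameter dictionary and the log format are all assumptions made for illustration.

```python
import copy
import re
from dataclasses import dataclass


class Forbidden(Exception):
    """Raised when the caller may not act on the requested object."""


@dataclass(frozen=True)
class Session:
    # Identity established at login; the server owns this value, the client does not.
    user_index: int


def fresh_profiles() -> dict:
    """Constructed sample profile store keyed by UserIndex (assumed field name)."""
    return copy.deepcopy({
        1001: {"name": "alice", "email": "alice@example.invalid"},
        1002: {"name": "bob", "email": "bob@example.invalid"},
    })


def update_profile_vulnerable(session: Session, params: dict, profiles: dict) -> dict:
    """IDOR pattern from the advisory: the handler trusts the client-supplied
    UserIndex and never compares it with the authenticated identity, so any
    logged-in user can overwrite any other user's profile."""
    target = int(params["UserIndex"])
    profiles[target].update(params["changes"])
    return profiles[target]


def update_profile_fixed(session: Session, params: dict, profiles: dict) -> dict:
    """Hardened handler: the object reference comes from the session.
    A client-supplied UserIndex is only checked for agreement; a mismatch
    or a malformed value is refused so it can be logged and alerted on."""
    raw = params.get("UserIndex")
    if raw is not None:
        try:
            requested = int(raw)
        except (TypeError, ValueError):
            raise Forbidden("malformed UserIndex") from None
        if requested != session.user_index:
            raise Forbidden(f"user {session.user_index} requested object {requested}")
    target = session.user_index
    if target not in profiles:
        raise Forbidden("no profile bound to this session")
    profiles[target].update(params["changes"])
    return profiles[target]


# Detection side: assumed access-log format that records both the session
# identity and the UserIndex parameter of each profile-update request.
LOG_LINE = re.compile(r"session_user=(?P<session>\d+) .*?UserIndex=(?P<requested>\d+)")


def find_idor_attempts(log_lines) -> list:
    """Return (session_user, requested_index) pairs where the two disagree."""
    hits = []
    for line in log_lines:
        m = LOG_LINE.search(line)
        if m and m.group("session") != m.group("requested"):
            hits.append((int(m.group("session")), int(m.group("requested"))))
    return hits


# Constructed sample log lines; the second one is the cross-user request.
SAMPLE_LOG = [
    "2020-12-29T05:29:01Z POST /profile/update session_user=1001 UserIndex=1001",
    "2020-12-29T05:29:07Z POST /profile/update session_user=1001 UserIndex=1002",
    "2020-12-29T05:29:09Z POST /profile/update session_user=1002 UserIndex=1002",
]


if __name__ == "__main__":
    alice = Session(user_index=1001)
    store = fresh_profiles()
    try:
        update_profile_fixed(alice, {"UserIndex": "1002", "changes": {"email": "x"}}, store)
    except Forbidden as exc:
        print("refused:", exc)
    print("suspicious requests:", find_idor_attempts(SAMPLE_LOG))
```

The fix is deliberately not "validate that UserIndex looks like an integer": a well-formed value that belongs to someone else is exactly the problem, so the handler binds the write to the session's own identity and treats any disagreement as a reportable authorization failure rather than silently correcting it.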
------------------------------------------
[Reference]
https://newgensoft.com/solutions/industries/government/e-gov-office/
------------------------------------------
[Has vendor confirmed or acknowledged the vulnerability?]
true
------------------------------------------
[Discoverer]
ALI AL SINAN
------------------------------------------
[CVE]
CVE-2020-35737